node-wpapi: 401 : Sorry, you are not allowed to create posts as this user

I have tried the same thing mentioned in it and I am getting below error message.

the account I am using is the Administrator and I have WP BASIC Auth (https://github.com/wokamoto/wp-basic-auth) plugin installed.

{
    "data": {
        "code": "rest_cannot_create",
        "message": "Sorry, you are not allowed to create posts as this user.",
        "data": {
            "status": 401
        }
    },
    "headers": {
        "Allow": "GET"
    },
    "status": 401
}

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Comments: 16

Most upvoted comments

I spent hours facing the same problem and finally got it to work. The only plugin I installed was Application Passwords. I also edited the .htaccess file per the comments above. The issue I ran into was what username to use for the authorization header. I was trying to use the name assigned to the password generated through Application Passwords. In reality, you should use your actual username, which in my case is just “admin” (along with the password from Application Passwords).

+23
mattcullenmeyer on Apr 24, 2019

No amount of hacking the .htaccess file nor installing this plugin has the correct effect. Whenever I try to upload media with credentials that I know to be correct, I get “Sorry, you are not allowed to create posts as this user”. This makes absolutely no sense as the user is me and I’m an admin.

+16
samdoj on Apr 4, 2018
Screenshot 2024-04-13 at 10 17 07 AM I resolved this by creating an Application Password From 'User' Menu
+3
sagar03d on Apr 13, 2024

The original suggestion didn’t work for me (On Local by Flywheel) This worked: https://wordpress.stackexchange.com/a/310898/90061

+3
arunbasillal on Apr 9, 2020

I spent hours facing the same problem and finally got it to work. The only plugin I installed was Application Passwords. I also edited the .htaccess file per the comments above. The issue I ran into was what username to use for the authorization header. I was trying to use the name assigned to the password generated through Application Passwords. In reality, you should use your actual username, which in my case is just “admin” (along with the password from Application Passwords).

This is the actual answer here.

Same username, but generated Application Password.

+2
LukeV111 on Jun 25, 2020

For anyone else who encounters this problem, you need to install and activate the ‘Application Passwords’ plugin and then follow the instructions given here: https://github.com/georgestephanis/application-passwords/wiki/Basic-Authorization-Header----Missing But you don’t need to actually set up any Application Passwords for your users.

+2
richplastow on Mar 31, 2018

go to .htaccess file and replace all below text

# BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}] RewriteBase / RewriteRule ^index.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule>

# END WordPress

+1
kirankumarbiradar on Jun 16, 2023

I was facing the same issue and the problem is, I forgot to add these lines in htaccess file.

RewriteCond %{HTTP:Authorization} ^(.) RewriteRule ^(.) - [E=HTTP_AUTHORIZATION:%1] SetEnvIf Authorization “(.*)” HTTP_AUTHORIZATION=$1

You can also check below link to know how and where to add these lines.

https://github.com/imranhsayed/react-with-wordpress/

+1
geniecoder on Apr 12, 2020
Read more comments on GitHub
← i2cssh: i2cssh fails on Mojave
node-wpapi: Error "rest_cannot_create", status 401 →